The healthcare sector has been transformed in recent years, as both state-run and private healthcare organisations have embraced mobile and collaborative technologies. The move to incorporate “transformative technologies” is driven by two fundamentals – to improve the standard of patient care and to realise improvements in process and productivity.
Healthcare as a sector has lagged behind other service industries in its adoption of technology. Perhaps because of the sensitive nature of the data it deals with, or because of the wide diversity of geographies, technologies and stakeholders involved.
As connectivity and mobility have become the standard, and there has been a consolidated effort by most organisations to centralise patient records, the industry has found itself in a position to exploit new technologies and create better outcomes for clinicians and patients alike.
As the IT infrastructure that supports healthcare has broken down traditional boundaries, it has enabled information sharing, mobile access to patient records, remote diagnostics and collaborative case management. It has also moved sensitive patient data out from the centre, to the edge of the network.
These improvements in connectivity have resulted in an increased use of big data applications – such as HD video, collaboration and immersive applications. This, in turn, has led to a significant increase in the adoption of Cloud and data centre services within the sector.
The benefits of improved productivity, availability and flexibility have, however, come at a cost. Security. Or more precisely, data protection.
Healthcare data is a valuable commodity and an attractive prospect to cyber-criminals. It typically contains enough information for identity thieves, along with sensitive medical information that could be used for blackmail, embarrassment or other malicious intent.
The high value of healthcare data has resulted in a significant increase in cyber-attacks in the past year. According to the Ponemon Institute’s 2016 Cost of a Data Breach report, the average cost per lost or stolen healthcare record was more than twice the global average. ($355 versus $158 respectively).
Last year, saw an average of more than one healthcare data breach per day. In fact, healthcare led all sectors in the first half of last year, with a total of 263 breaches resulting in the loss of over 30 million patient records. (Gemalto Breach Level Index 2016).
Of equal concern is the time it takes for the industry to realise it has suffered a breach and to notify the affected individuals. In 2016, it took healthcare organisations an average of 233 days to discover the breach and a further 111 days before it was reported.
A lack of budget or technical resource could be to blame, but so could a casual approach to data monitoring and protection; resulting in the adoption of a reactive approach to breaches.
The situation has been further complicated in the past by a lack of a consistent regulatory framework for data protection. However, this looks set to change with the introduction of the General Data Protection Regulation across Europe and other emerging data protection legislation.
The costs associated with a data breach go beyond failure to comply with regulations and exposure to possible financial penalties. They impact directly on patient privacy and well-being.
There is an oft-spoken analogy when it comes to healthcare. Prevention is better than cure. It is past time that IT departments within the healthcare sector took this on board and started immunising healthcare data against the effects of loss or theft.
The networks themselves are never going to be secure, so IT needs to protect the data itself. The best way to do this is by using encryption. Only by using a robust encryption solution can healthcare data owners and processors be assured that the data is rendered useless in the hands of unauthorised users.
IDQ is a world leader in quantum-safe encryption solutions, providing long-term protection for sensitive healthcare data in a post-quantum computing era. For more information on our data network encryption solutions, visit http://www.idquantique.com/quantum-safe-crypto/network-encryption/